A JSON Web Token (JWT) is a compact, URL-safe token format used for securely transmitting information between parties. It consists of a header, payload, and signature.

Can this tool verify JWT signatures?

This tool decodes and inspects JWT tokens, showing the header, payload, and claims. It checks expiration status but does not verify signatures as that requires the secret key.

Is it safe to paste my JWT here?

Yes, all decoding happens in your browser. Your JWT token is never sent to any server. However, never share your JWTs publicly as they may contain sensitive data.

JWT解码器

解码和检查JSON Web令牌(JWT)。查看头部、有效载荷、声明和过期状态。

JWT令牌

使用方法

解码和检查JSON Web令牌(JWT)。查看头部、有效载荷、声明和过期状态。

1Paste a JWT token (three Base64url segments separated by dots) into the input field.
2The tool decodes and displays the Header, Payload, and Signature sections.
3Review the claims in the Payload: `iss`, `sub`, `exp`, `iat`, and any custom claims.
4Check the expiration status — the tool highlights whether the token is expired.

主要功能

Decodes JWT header, payload, and signature without any server request
Displays all standard and custom claims in formatted JSON
Shows token expiration status and remaining time or time since expiry
Handles HS256, HS384, HS512, RS256, and other common algorithms

常见问题

了解更多

API Security Best Practices for Developers